Threat description



This is not a virus, bot a hoax which was originally distributed on the April Fools Day in 1996. Ignore it.


Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

Here's the original hoax:




A new extremely threatening virus has been discovered. Its key features are

  • it is a hardware based virus
  • it can be transmitted over any communications network
  • it does not require executable code to travel
  • it is a targetable virus i.e. the virus can be set to target a particular PC or group of PCs
  • it is immune to existing anti-virus software


This is a brief paper summarising what is known about the new virus. Techniques for preventing infection are proposed.

Virus Description

The new virus has become known as the Swamp Virus. Its official reference number is 01/0496.


The Swamp Virus is a hardware based virus. It attacks the internal hardware of the PC causing electrical problems. These in turn cause software problems rendering the PC completely unusable. In many cases the PC will become usable again once it has got over the .attack.; in others the PC is effectively destroyed.


The Swamp Virus can only be transmitted directly over the Internet or other communications network. It does not have to be executable code; it can be carried on any data stream whatsoever. It cannot be conducted from PC to PC via floppy disk.


It works by utilising TCP/IP, the communications and internetworking protocols, at a very low level. Indeed it is attached to data streams at the bit level.


Experts in many countries have been working on ways to improve the carrying capacity, or bandwidth, of existing networks using techniques such as multiplexing. Scientists from the Avril Institute in Bern, Switzerland, have developed a technique whereby a small number of molecules of various substances can be attached to data at the bit level. Their goal is to cease using the bit as a data item and to use it merely as a carrier for the data. The data is physically mapped onto the molecules using the protons and electrons, the neutrons and neutrinos being used for control information and parity checking. Use of this technique will expand the capacity of a network by the data capacity of the molecules. The data carrying capacity of the bit will depend on the size of the attached molecules. The only identified drawback with this development is that a high speed communications link is required. This is because the molecules must remain in a gaseous state to stay attached to the bit. To remain in this state they require the friction - and consequent heat - developed by the high speed link. As soon as the friction and heat are removed the molecules condense and lose their data carrying capacity as well as their attachment to the bit.


This technological advance has been seized upon by an Anarchist Hacker Group - the April I Group. They have stolen equipment from the Avril Institute and have been using it to attach water molecules in a gaseous form to the bit streams generated by TCP/IP when sending emails. As soon as the email is received by your PC it loses the friction from the high speed link and the water molecules condense within the data bus on the motherboard.

This causes electrical problems, and, in the case of large

emails, total destruction of the motherboard due to .swamping..


It is believed that the April I Hacker Group - are planning to flood the Internet with vast quantities of email messages during the early part of April with particular emphasis being placed on the 1st - the anniversary of the day their self-appointed leader was arrested and charged with breaking out of a secure Government computer system.


It is strongly recommended that you do not receive any email on that day. This will provide 100% protection for your PC. Unfortunately, however, it is thought that many of the hundreds of mail servers on the Internet may suffer damage as your email messages are held by them pending retrieval. As your messages will be held on disk, the absence of friction over the communications network will cause the water molecules to condense from their gaseous form, damaging the motherboards on the mail servers.

Emails received after this date will be quite safe as the attached water molecules will have already condensed from the email bit stream.

Further information can be obtained from Professor P. Ranque at the Avril Institute. Email p_ranque@avril.fuel.edu


Submit a Sample

Suspect a file or URL was wrongly detected? Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info